On 9/29/06, Octavian Rasnita <[EMAIL PROTECTED]> wrote:
Hi all,
Do you know a method of accessing an SQL database which is crypted from a
perl program?
I want to use something like SQLite, but it is not crypted. I don't want to
install a database server like MySQL.
Thanks.
Teddy
Teddy,
As far as I know, SQLite is the only SQL database that doesn't require
a server. If you want the entire database to be encrypted and don't
want to look at mySQL, Postgres, Oracle, etc., you'll need to look at
the options your OS provides for encrypted FS or images. If all you
care about is encrypting the data, you can do that from within Perl.
Just hash the data using one of the Crypt:: modules before you pass it
to SQLite. You can even encrypt the column names if you want. SQLite
doesn't if you're column is called "last_name" or "xyzzy". Of course
that isn't a complete solution: an attacker would still be able to see
your columns and column defs. that's not really as bad as it sounds,
though, because in practice all of your clumns would be text to
accomodate the armored hashes.
The drawback, of course, is that it's on you to hash the values for
all you select statements, and keep track of which columns are which
internally.
Keep this in mind, though: encrypting a local database is probably an
excercise in futility. Anyone who can get to your encrypted database
can probably also get to your unencrypted Perl script, which will
probably give them access to your database.
Best,
-- jay
--------------------------------------------------
This email and attachment(s): [ ] blogable; [ x ] ask first; [ ]
private and confidential
daggerquill [at] gmail [dot] com
http://www.tuaw.com http://www.downloadsquad.com http://www.engatiki.org
values of β will give rise to dom!
